PHP Net Tools nettools.php command execution
phpnettools-nettools-command-execution (25941)
Description:
PHP Net Tools could allow a remote attacker to execute arbitrary commands. A remote attacker could send a specially-crafted request to the nettools.php script using the host parameter and a '|' pipe character to execute arbitrary commands on the system.
Consequences:
Gain Access
Remedy:
Upgrade to the latest version of PHP Net Tools (2.7.2 or later), available from the PHP Net Tools Web site. See References.
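For code that still passes a request-supplied host to a command-line tool, the following added example (not code from PHP Net Tools or from this advisory) contrasts the concatenation pattern behind this class of bug with a hardened form. The function names and the choice of ping are assumptions made for illustration; the array form of proc_open requires PHP 7.4 or later.

```php
<?php
// Added example: hypothetical handler, not taken from PHP Net Tools.

// Vulnerable pattern: request input is concatenated into a shell command,
// so a '|' in $host ends the intended command and starts another one.
function ping_unsafe(string $host): ?string
{
    return shell_exec('ping -c 1 ' . $host);
}

// Accept only an IP literal or a dotted hostname made of letters, digits
// and inner hyphens. A leading '-' is refused so the value can never be
// read as a command-line option.
function is_valid_host(string $host): bool
{
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        return true;
    }
    $label = '[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?';
    return preg_match("/^(?=.{1,253}\\z)$label(?:\\.$label)*\\z/i", $host) === 1;
}

// Hardened form: validate first, then run the program without a shell.
function ping_safe(string $host): string
{
    if (!is_valid_host($host)) {
        throw new InvalidArgumentException('invalid host');
    }
    // An array command is executed directly, so no shell is present to
    // interpret metacharacters; '--' ends option parsing.
    $spec = [1 => ['pipe', 'w'], 2 => ['file', '/dev/null', 'w']];
    $proc = proc_open(['ping', '-c', '1', '--', $host], $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start ping');
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    proc_close($proc);
    return $out;
}

// Constructed sample inputs for the validator.
foreach (['example.org', '192.0.2.10', 'example.org|x', '-c5'] as $h) {
    printf("%-16s %s\n", $h, is_valid_host($h) ? 'accepted' : 'rejected');
}
```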
References:
- PHP Net Tools Web site: PHP Net Tools.
- BID-17601: PHP Net Tools Nettools.PHP Arbitrary Shell Command Execution Vulnerability
- CVE-2006-1921: nettools.php in PHP Net Tools 2.7.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the host parameter.
- SA19694: PHP Net Tools "host" Shell Command Injection Vulnerability
- VUPEN/ADV-2006-1420: PHP Net Tools host Parameter Handling Remote Code Execution Vulnerability
Platforms Affected:
- FreeBSD FreeBSD
- PHP Net Tools PHP Net Tools 2.7.1
Reported:
Apr 19, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
